(One PNC customer’s account showed a number of “miscellaneous withdrawals” that the bank said it would reverse. Image provided by customer)

By Tim Jimenez

PHILADELPHIA (CBS) — A number of PNC bank customers woke up today seeing less money in theiraccounts.

The company is calling it a “glitch.”

PNC spokeswoman Marcey Zwiebel says if you checked your bank account and saw a number of strange charges, or may have had that mortgage payment taken out twice, don’t worry. She says they’re working on it.

Zwieble says an overnight processing delay is to blame, messing with transactions in general. When asked if this was hacking or some kind of scam, Zwiebel said, “This is not a security related issue.”

There was no word from PNC on how many customers were affected, but Zwiebel says only certain groups of customers were affected.

If you see any problems with your account or have questions, she says, you should go to a branch, or call their customer service line at 1-888-PNC-BANK.

They’re hoping for a fix by the evening hours, and Zwiebel says customers will not be responsible for overdraft fees resulting from their problem.

By Rick Karlin

Published 9:24 pm, Thursday, January 2, 2014

Approximately 40,000 welfare, food stamp and unemployment recipients were told this month that their electronic benefit card information may have been viewed by hackers.

There's no evidence that anyone actually suffered a loss from the electronic intrusion, but officials are wondering why the major bank that administers the cards, J.P. Morgan Chase, took nearly three months to tell them about the breach.

The potential breach occurred between July 17 and Sept. 17.

It involved an estimated 465,000 people nationwide after unencrypted personal data for cash card holders showed up on a site maintained by the bank for its UCard cash card system.

If someone accessed the site and, for example, entered an address change or other update, it briefly showed up in a form that was not encoded. Normally, personal information on the site is encrypted.

The data was not believed to include Social Security numbers and led to no known theft or loss of money.

The potential breach was reported by Reuters in early December, around the same time state officials said they were notified.

Other states, including Connecticut and Louisiana, also use the system for services like welfare payments as well as income tax refunds.

J.P. Morgan Chase spokesman Michael Fusco said they initially focused their effort on dealing with the potential breach.

"When we detected the issue, our first priority was to protect the system," he said. "We quickly fixed the issue and began an extensive investigation to find out what happened."

The bank this month emailed cardholders who might have been affected, Fusco said, stressing that no one has reported any improper use of their cards.

Additionally, the bank will offer two years of free credit monitoring for people who may have had their data viewed.

Still, the episode has left state officials in New York as well as other states wondering why they weren't immediately informed.

"The State is awaiting an explanation from Chase as to why the State and its departments were not informed until December 3 of the potential security breach that was discovered in mid-September," a statement on the Labor Department website said.

"We believe it would have been appropriate for J.P. Morgan Chase to notify us immediately and we are currently assessing the matter further," Labor spokesman Chris White said in an email.

Rapid7: Hackers to Focus on Internet of Things in 2014

As a result, Internet Identity suggests, 2014 could see the first murder by Internet.

Vulnerability management firm Rapid7 recently told CIO Insight's Robert Lemos that Internet-connected devices are becoming increasingly attractive targets for cyber criminals -- and while 2013 saw a few such attacks, the company says the number will surge in the coming year.

"This is only set to continue -- we're already seeing network-enabled toasters, kettles, fridges and much more emerging," Rapid7 told Lemos. "Unfortunately, researchers have found time and again that security issues abound on embedded devices, and they are typically very poorly patched."

The problem, according to Rapid7, is that time to market usually trumps security concerns as companies launch such products.

The hackers used Skype's Twitter account to claim that Microsoft is 'monitoring your accounts and selling the data to the governments.'

On Skype's Twitter account, the hackers posted, "Don't use Microsoft emails (hotmail, outlook). They are monitoring your accounts and selling the data to the governments. More details soon #SEA"

On their own Twitter account, the hackers also posted what they claimed were Microsoft CEO Steve Ballmer's e-mail address and phone number, writing, "You can thank Microsoft for monitoring your accounts/emails using this details."

Soon after, Microsoft regained control of the Skype Twitter account and stated, "You may have noticed our social media properties were targeted today. No user info was compromised. We're sorry for the inconvenience."

As Sophos' Chester Wisniewski notes, the nature of the attack seems to indicate either that the same password was shared between the three social media accounts or that a Skype employee's e-mail account was compromised -- and more importantly, it indicates that Microsoft isn't using two-factor authentication on its social media accounts.

"I believe it is the responsibility of organizations with a large number of followers to do whatever they can to secure their profiles," Wisniewski writes. "I suppose this can be a lesson to the rest of us. Take advantage of the safety net of two-factor authentication whenever possible. While it may be less than perfect, so are you."

"With so many devices being Internet connected, it makes murdering people remotely relatively simple, at least from a technical perspective," Internet Identity president and CTO Rod Rasmussen said in a statement. "That’s horrifying. Killings can be carried out with a significantly lower chance of getting caught, much less convicted, and if human history shows us anything, if you can find a new way to kill, it will be eventually be used."

http://www.esecurityplanet.com/network-security/snapchat-hacked.html

Snapchat Hacked

4.6 million users' phone numbers and user names were made available online.

The hackers made the data available at SnapchatDB.info with the last two digits of each phone number redacted "to minimize spam and abuse," but the site has since been taken down by its hosting provider.

"You are downloading 4.6 million users' phone number information, along with their usernames," the hackers wrote. "People tend to use the same username around the Web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with."

"Feel free to contact us to ask for the uncensored database," the hackers added. "Under certain circumstances, we may agree to release it."

In a statement provided to TechCrunch, the hackers explained, "Our main goal is to raise public awareness on how reckless many Internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn't want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness."